Full Disclosure mailing list archives
RE: Does the Windows AUX bug affect Web servers also?
From: "Gabriel Lawrence" <gabe () landq org>
Date: Wed, 9 Jul 2003 10:28:20 -0700
Yes. It is possible to crash a web server hosted on a windows box using these "special" files. Usually the vulnerability comes from posting to a script that attempts to open a file based on the arguments passed to it, not just by asking for one of these files. (I think IIS isn't dumb enough to just try them outright anymore... but most people who write scripts and whatnot aren't aware of this legacy stuff.) I don't know about different web servers besides IIS, I haven't spent that much time fooling around with it... -gabe -----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Richard M. Smith Sent: Wednesday, July 09, 2003 9:50 AM To: full-disclosure () lists netsys com Subject: [Full-disclosure] Does the Windows AUX bug affect Web servers also? Is it possible to also crash a Web server hosted on a Windows box using a URL something like: http://www.somebody.com/aux If this particular URL is okay, maybe there are other URLs that will cause a crash. For example, POSTing a form to a URL containing AUX. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Internet Explorer 6 DoS Bug fabian . becker2 (Jul 07)
- Re: Internet Explorer 6 DoS Bug KF (Jul 07)
- RE: Internet Explorer 6 DoS Bug Joe Hummel (Jul 07)
- Re: Internet Explorer 6 DoS Bug Dave (Jul 07)
- AW: Internet Explorer 6 DoS Bug Michael Linke (Jul 07)
- Re: Internet Explorer 6 DoS Bug xc3ed (Jul 09)
- Does the Windows AUX bug affect Web servers also? Richard M. Smith (Jul 09)
- RE: Does the Windows AUX bug affect Web servers also? Gabriel Lawrence (Jul 09)
- RE: Does the Windows AUX bug affect Web servers also? Adam (Jul 09)
- SV: Does the Windows AUX bug affect Web servers also? Peter Kruse (Jul 09)
- Re: Does the Windows AUX bug affect Web servers also? jelmer (Jul 10)
- Re: Does the Windows AUX bug affect Web servers also? morning_wood (Jul 09)
- Re: Does the Windows AUX bug affect Web servers also? Matthew Murphy (Jul 09)
- Re: Does the Windows AUX bug affect Web servers also? morning_wood (Jul 10)
- RE: Internet Explorer 6 DoS Bug Joe Hummel (Jul 07)
- Re: Internet Explorer 6 DoS Bug KF (Jul 07)
- Re: Internet Explorer 6 DoS Bug madsaxon (Jul 07)
- Re: Internet Explorer 6 DoS Bug Nik Reiman (Jul 07)